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DETAILED ACTION 

1 . Applicant's arguments filed 8/14/2009 have been fully considered. 

2. Claims 1-19, 21-41, and 43-57 are pending and have been examined. Claims 20 
and 42 have been canceled. 

Response to Amendment 

3. The requested IDSs (10/31/03 and 9/21/07) have been previously signed and 
submitted with the office action dated 12/10/2007. 

4. The rejection under 35 USC 101 is withdrawn. 

5. Regarding the argument that the actions are unrelated to a document, Examiner 
respectfully points out that Garcia teaches providing offline access to a particular 
document, and then the user can create a document while offline, i.e. second 
document. Further, the access control to this second document is "unrelated to the 
electronic document " for which offline access is provided. 

6. When the user gets back to the company's premises and synchronizes 
(transparently), the synchronization applies not only to the files for which off-line access 
was requested prior to leave the premises, but also to the ones created while off-line 
(col.3-4). 

7. Regarding the statement "Rather, the claimed subject matter covers 
synchronizing offline access information before going offline, so previously created 
documents can still be accessed while offline. The Office has failed to address this 
subject matter, or how Garcia can be considered to teach this subject matter as a 
whole". Examiner points out that Garcia teaches such feature, since before going 
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offline, (Garcia, col. 32-33) the user requests offline access authorization which is 
processed by the server, and includes updating (i.e. synchronize) rules and keys for 
offline access. The arguments are not persuasive. 

8. The issue with the address of the server (claim 1 9) is a matter of inherency, since 
somehow the client and the server communicate securely, an address is needed, and 
computer systems inherently posses an identifier or address when connected to a 
network. Furthermore, Garcia teaches an encrypted portion of a header including the 
access control rules, which Examiner interprets as inherently including the control 
server address in order to synchronize when connected. Even assuming arguendo none 
of this is "reasonable", Houston (20040030702) literally teaches such feature, a 
document includes the address of the server. 

9. While the breadth of the claims in the application should always be carefully 
noted; that is, the examiner should be fully aware of what the claims do not call for, as 
well as what they do require; during patent examination, the claims are given the 
broadest reasonable interpretation consistent with the specification . 

1 0. Regarding the arguments against the prior art. Examiner respectfully submits that 
Garcia does in fact teach the amended portion, an action unrelated to a second 
electronic document (col.4, lines 25-50, create documents off-line and synchronizing 
when back online). Arguments are not persuasive. Furthermore, adding an address 
(claim 19) to the myriad of items already taught by Garcia would have been obvious, 
and Examiner submits that it the address is inherent to the system, in order for the client 
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to know to which server it needs to communicate, transparently. Arguments are not 
persuasive. 

1 1 . Regarding the traversal of the Official Notice taken by Examiner, Examiner 
submits that Beard et al. (2005/0044378, par.109-112, 7,302,570, col. 15, lines 15-35), 
Johnston et al. (7,058,663, claim 1), Altenhofen et al. (2003/0232318, par.78-87), Seo 
et al. (2002/0046176, par.19, 38, 47, claim 8) teach the features. 

Claim Rejections - 35 USC § 102 

1 2. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

13. Claims 1, 4-19, 21-23, 26-41, and 43-57 are rejected under 35 U.S.C. 102(e) 
as being anticipated by Garcia (US Patent 7,380,120). 

Regarding claims 1 and 23, Garcia teaches 

receiving a request from a client to take an action with respect to a first electronic 
document (col.32, lines 20-67, offline access enablement for particular files), the action 
unrelated to a second electronic document (col.4, lines 25-50, create documents off- 
line); and 

synchronizing offline access information with the client, in response to the 
request, to pre-authorize the client, to allow actions by a user as a member of a group of 
users, by sending to the client an update to offline access information retained at the 
client, the update comprising a first key associated with the group, the first key being 
useable at the client to access a second electronic document while offline by decrypting 
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a second key in the second electronic document (col.33, lines 1-55, update stored 
rules). 

Regarding claims 12 and 34, Garcia teaches 

receiving a request to take an action with respect to a first electronic document 
(col.32, lines 20-67, offline access enablement for particular files), , the action unrelated 
to a second electronic document (col.4, lines 25-50, create documents off-line); and 

synchronizing offline access information with a document control server in 
response to_the request, when online, to pre-authorize offline access to the second 
electronic document, the synchronizing comprising receiving an update to offline access 
information retained locally, the update comprising a first key associated with a group of 
users of the document control server (col.33, lines 1-55, update stored rules); and 

allowing access to the second electronic document, when offline, by performing 
operations comprising using the first key to decrypt a second key in the second 
electronic document and governing actions with respect to the second electronic 
document based on document-permissions information associated with the second 
electronic document (col.33, lines 1-67, user access according to updated rules while 
offline). 

Regarding claims 19 and 41, Garcia teaches 
encrypting an electronic document (fig.2B); and 

incorporating into the encrypted electronic document an address of a document 
control server, document-permissions information, and an encryption key useable in 
decrypting the encrypted electronic document, the encryption key being encrypted with 
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a key generated by, and associated with a group of users of, the document control 
server; wherein the encryption key comprises a session key generated by the document 
control server, encrypting the electronic document comprises encrypting the electronic 
document using a document key, and incorporating comprises incorporating into the 
encrypted electronic document a document security payload comprising the document 
key and the document-permissions information, the document security payload being 
encrypted using the session key (fig.2C.3, col. 15, lines 30-67, col.28, lines 35-60, 
authenticate user on access of local document over at server). 

Regarding claims 45 and 56, Garcia teaches 

a document control server that 

receives a client request to take an action with respect to a first electronic 
document (col.32, lines 20-67, offline access enablement for particular files), the client 
request unrelated to a second electronic document (col.4, lines 25-50, create 
documents off-line); and 

synchronizes offline access information with a client in response to a client 
request, to pre-authorize offline access to an electronic document by sending an update 
to the offline access information retained at the client, the update comprising a first key 
associated with a group, the first key being useable at the client to access the electronic 
document by decrypting a second key in the electronic document (col.33, lines 1-55, 
update stored rules); and 

the client that stores the first kev in a memory and allows access to the electronic 
document, when offline, by a user as a member of the group, using the first key to 
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decrypt the second key in the electronic document and governing actions with respect 
to the electronic document based on document-permissions information associated with 
the electronic document (col.33, lines 1-67, user access according to updated rules 
while offline). 

Regarding claims 4 and 26, Garcia teaches wherein the client allows actions 
with respect to the second electronic document based on document-permissions 
information residing in the second electronic document (col. 13, lines 1-55). 

Regarding claims 5 and 27, Garcia teaches wherein the offline access 
information update further comprises document-permissions information associated with 
multiple documents, including the second electronic document, and the client allows 
actions with respect to the second electronic document based on the document- 
permissions information (col.33, lines 1-67). 

Regarding claims 6 and 28, Garcia teaches wherein synchronizing offline 
access information with the client comprises synchronizing silently in a background 
process without the user being aware of the update (col.33, lines 1-67). 

Regarding claims 7 and 29, Garcia teaches wherein the request requires 
authentication, the method further comprising verifying the user at the client as an 
authenticated user (col. 32, lines 20-67). 

Regarding claims 8 and 30, Garcia teaches wherein the offline access 
information update further comprises: at least one user-specific key; at least one group- 
specific key, including the first key; and at least one set of document-permissions 
information associated with multiple documents (col.33, lines 1-67). 
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Regarding claims 9 and 31, Garcia teaches receiving an offline audit log from 
the client (col. 31 , lines 30-45). 

Regarding claims 10 and 32, Garcia teaches wherein the at least one set of 
document-permissions information comprises one or more policies associated with the 
first document, and the offline access information update further comprises a document 
revocation list (col.33, lines 1-67). 

Regarding claims 11 and 33, Garcia teaches wherein the offline access 
information update further comprises at least one set of document-permissions 
information, associated with a specific document, selected based on synchronization 
prioritization information (col.33, lines 1-67). 

Regarding claims 13 and 35, Garcia teaches wherein governing actions with 
respect to the electronic document comprises obtaining the document-permissions 
information from the electronic document (col. 13, lines 1-67). 

Regarding claims 14 and 36, Garcia teaches wherein governing actions with 
respect to the electronic document comprises: identifying a document policy reference 
in the electronic document; and obtaining locally retained document-permissions 
information based on the document policy reference (col. 13, lines 1-67). 

Regarding claims 15 and 37, Garcia teaches wherein the offline access 
information update comprises at least one user-specific key, at least one group-specific 
key, including the first key, at least one set of document-permissions information 
associated with multiple documents, and a document revocation list (col. 13, lines 1-67). 
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Regarding claims 16 and 38, Garcia teaches preventing access to the 
document, when offline, if a difference between a current time and a receipt time of the 
offline access information exceeds a server-synchronization-frequency parameter 
(col.33, lines 1-67). 

Regarding claims 17 and 39, Garcia teaches wherein the server- 
synchronization- frequency parameter is specific to the document (col.33, lines 1-67). 

Regarding claims 18 and 40, Garcia teaches maintaining an offline audit log; 
and uploading the offline audit log when online (col.31 , lines 30-45). 

Regarding claims 21 and 43, Garcia teaches wherein the document security 
payload further comprises a document identifier assigned by the document control 
server, and incorporating further comprises incorporating into the encrypted electronic 
document a copy of the session key encrypted using a public key associated with the 
document control server (col. 15, lines 1-67). 

Regarding claims 22 and 44, Garcia teaches wherein the document- 
permissions information specifies access permissions at a level of granularity smaller 
than the electronic document (col. 13, lines 1-67). 

Regarding claim 46, Garcia teaches wherein the electronic document comprises 
the document-permissions information (col.33, lines 1-67). 

Regarding claim 47, Garcia teaches wherein the second key comprises a 
session key generated by the document control server, and the electronic document 
further comprises a document security payload comprising a document key and the 
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document-permissions information, tine document security payload being encrypted 
using the session key (col .33, lines 1-67). 

Regarding claim 48, Garcia teaches wherein the offline access information 
update further comprises: at least one user-specific key; at least one group-specific key, 
including the first key; and at least one set of document-permissions information 
associated with multiple documents (col.33, lines 1-67). 

Regarding claim 49, Garcia teaches wherein the client comprises an agent that 
periodically contacts the document control server to synchronize the offline access 
information (col.33, lines 1-67). 

Regarding claim 50, Garcia teaches wherein the document control server 
comprises: a server core with configuration and logging components; an internal 
services component that provides functionality across dynamically loaded methods; and 
dynamically loaded external service providers, including one or more access control 
service providers (col.32, lines 1-67). 

Regarding claim 51, Garcia teaches a business logic tier comprising a cluster of 
document control servers, including the document control server; an application tier 
including the client comprising a viewer client, a securing client, and an administration 
client; and a load balancer that routes client requests to the document control servers 
(col.32, lines 1-67). 

Regarding claim 52, Garcia teaches wherein the client request comprises a 
request from the client to take an action with respect to a second document, and the 
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document control server synchronizes offline access information with the client silently 
in a background process without the user being aware of the update (col .33, lines 1-67). 

Regarding claim 53, Garcia teaches wherein the document control server 
comprises a permissions-broker server including a translation component, the second 
document comprises a document secured previously by the permissions-broker server, 
and the translation component being operable to translate first document-permissions 
information in a first permissions-definition format into second document-permissions 
information in a second permissions-definition format in response to the request being 
received from the client (col. 32, lines 1-67). 

Regarding claim 54, Garcia teaches wherein the server comprises a 
permissions- broker server operable to identify information associated with the second 
document in response to the request, the associated information being retained at the 
server and indicating a third electronic document different from and associated with the 
second document, the server being operable to relate information concerning the third 
electronic document to the client to facilitate the action to be taken (col.33, lines 1-67). 

Regarding claim 55, Garcia teaches wherein the server comprises a 
permissions- broker server operable to obtain and send, in response to the request, a 
software program comprising instructions operable to cause one or more data 
processing apparatus to perform operations effecting an authentication procedure, and 
the client uses the authentication program to identify a current user and control the 
action with respect to the second document based on the current user and document- 
permissions information associated with the second document (col.32, lines 1-67). 
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Regarding claim 57, Garcia teaches server means for dynamically obtaining 
and sending authentication processes in response to client requests to take actions with 
respect to electronic documents; and client means for interfacing with a received 
authentication process to identify a current user and for controlling actions with respect 
to electronic documents based on the current user and document-permissions 
information (col. 31, lines 1-67). 

Claim Rejections - 35 USC § 103 

14. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

15. Claims 2-3 and 24-25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Garcia. 

Regarding claim 2 and 24, Garcia does not expressly disclose wherein 

synchronizing offline access information with the client comprises comparing a time of 
last recorded client- synchronization with a time of last change in user-group information 
for the user. However, Examiner takes Official Notice that the USE of comparing times 
to determine whether to update or not was conventional and well known. Therefore, it 
would have been obvious to one having ordinary skill in the art at the time the invention 
was made to compare times of last changed when synchronizing content since 
Examiner takes Official Notice that it was conventional and well known. 

Regarding claims 3 and 25, Garcia does not expressly disclose wherein 
synchronizing offline access information with the client comprises: receiving user-group 
information for the user from the client; and comparing current user-group information 
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for the user with the received user-group information for the user from the client. 
However, Examiner tal<es Official Notice that the USE of comparing membership was 
conventional and well known. Therefore, it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to compare times of last 
changed when synchronizing content since Examiner takes Official Notice that it was 
conventional and well known. 
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Conclusion 

16. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

1 7. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 

shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

18. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to 99 whose telephone number is (571 )272-5861 . The 
examiner can normally be reached on Monday-Tuesday and Thursday-Friday. 

1 9. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571)272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

20. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/David Garcia Cervetti/ 
Primary Examiner, Art Unit 2436 



